
Electronic health record giant NextGen dealing with cyberattack

Hospital technology giant NextGen Healthcare said it is responding to a cyberattack after a notorious ransomware group added the company to its list of victims. 

The multibillion-dollar healthcare giant produces electronic health record (EHR) software and practice management systems for hundreds of the biggest hospitals and clinics in the U.S., U.K., India and Canada.

On Tuesday, hackers associated with the AlphV/BlackCat ransomware added the company to their list of victims alongside several other businesses.

A spokesperson for NextGen Healthcare said it is aware of the claim and explained that they have been working with cybersecurity experts to “investigate and remediate” the issue. 

“We immediately contained the threat, secured our network, and have returned to normal operations,” the spokesperson said. “Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.”

AlphV/BlackCat continues to be one of the most commonly seen ransomware strains, accounting for more than 100 attacks since it emerged in 2021. 

Several experts believe the ransomware is used by the same people who attacked Colonial Pipeline in 2021.

The criminal gang has existed in some form since 2012, according to researchers from Symantec, who said it began using the Carbanak malware to steal money from organizations in the banking, hospitality and retail sectors.

Three members of the group were arrested in 2018 before it evolved into a ransomware-as-a-service (RaaS) operation around 2020.

It has repeatedly updated its ransomware operation since the headline-grabbing attack on Colonial Pipeline — in which it used the Darkside ransomware to cripple gas stations across the East Coast in May 2021. 

Scrutiny from law enforcement forced the group to shelve the ransomware and create a new one named BlackMatter, which was used to target agricultural companies during harvest season in the fall of 2021.


AlphV/BlackCat has now been used in other high-profile attacks on colleges and universities across the U.S. as well as businesses like Japanese video game giant Bandai Namco, toy production company Jakks Pacific, two German oil companies and Italian fashion brand Moncler.

The FBI said last year that the ransomware was the first to successfully use Rust, a programming language that many consider to be more secure than others.

“BlackCat-affiliated threat actors typically request ransom payments of several million dollars in Bitcoin and Monero but have accepted ransom payments below the initial ransom demand amount,” the FBI said. 

“Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations.”

A representative of the group spoke to The Record in February 2022, claiming that most of the major ransomware groups are somewhat connected because of how they operate. 


Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.